* CVE-2012-2335: Additional unsafe cgi wrapper scripts
are also fixed now.
* CVE-2012-2336: Even more commandline option handling
is filtered, which could lead to crashes of the php
interpreter.
* CVE-2012-2386: heap based buffer overflow in php's
phar extension
* CVE-2012-2143: The crypt() implementation ignored
wide characters, leading to shorter effective password
lengths. Note: With this update applied affected passwords
will no longer work and need to be set again.